CVE-2021-22894: 
Ivanti Connect Secure vulnerability analysis and mitigation

CVE-2021-22894 is a buffer overflow vulnerability discovered in Pulse Connect Secure (now Ivanti Connect Secure) versions before 9.1R11.4. The vulnerability was disclosed on May 27, 2021, and was assigned a high severity rating (NVD).

The vulnerability is classified as a buffer overflow (CWE-119) that allows a remote authenticated attacker to execute arbitrary code as the root user via a maliciously crafted meeting room. The vulnerability has received a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and requiring low privileges (NVD).

The successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary code with root privileges on the affected system. This level of access could lead to complete system compromise, potentially affecting the confidentiality, integrity, and availability of the Pulse Connect Secure appliance (Rapid7).

Organizations are advised to upgrade to Pulse Connect Secure version 9.1R11.4 or later to address this vulnerability. CISA has mandated that federal agencies apply updates according to vendor instructions (NVD).